CVE-2019-3929: Crestron Multiple Products Command Injection Vulnerability
First published: Tue Apr 30 2019(Updated: )
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Credit: vulnreport@tenable.com vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Crestron Multiple Products | ||
| Crestron AirMedia | =1.6.0.2 | |
| Crestron AM-100 firmware | ||
| Crestron AM-101 | =2.7.0.2 | |
| Crestron Multiple Products | ||
| Barco wePresent WiPG-1000P | =2.3.0.10 | |
| Barco wePresent WiPG-1000P firmware | ||
| Barco wePresent WiPG-1600W firmware | <2.4.1.19 | |
| Barco wePresent WiPG-1600W firmware | ||
| Extron Sharelink 200 Firmware | =2.0.3.4 | |
| Extron Sharelink 200 Firmware | ||
| Extron Sharelink 250 Firmware | =2.0.3.4 | |
| Extron Sharelink 250 Firmware | ||
| Teqavit Wips710 Firmware | =1.1.0.7 | |
| Teqavit Wips710 Firmware | ||
| SHARP PN-L703WA firmware | =1.4.2.3 | |
| SHARP PN-L703WA firmware | ||
| Optoma WPS-Pro firmware | =1.0.0.5 | |
| Optoma WPS-Pro firmware | ||
| Blackbox HD Wireless Presentation System Firmware | =1.0.0.5 | |
| Blackbox HD Wireless Presentation System Firmware | ||
| InFocus LiteShow3 | =1.0.16 | |
| InFocus LiteShow | ||
| InFocus LiteShow 4 Firmware | =2.0.0.7 | |
| InFocus LiteShow | ||
| All of | ||
| Crestron AirMedia | =1.6.0.2 | |
| Crestron AM-100 firmware | ||
| All of | ||
| Crestron AM-101 | =2.7.0.2 | |
| Crestron Multiple Products | ||
| All of | ||
| Barco wePresent WiPG-1000P | =2.3.0.10 | |
| Barco wePresent WiPG-1000P firmware | ||
| All of | ||
| Barco wePresent WiPG-1600W firmware | <2.4.1.19 | |
| Barco wePresent WiPG-1600W firmware | ||
| All of | ||
| Extron Sharelink 200 Firmware | =2.0.3.4 | |
| Extron Sharelink 200 Firmware | ||
| All of | ||
| Extron Sharelink 250 Firmware | =2.0.3.4 | |
| Extron Sharelink 250 Firmware | ||
| All of | ||
| Teqavit Wips710 Firmware | =1.1.0.7 | |
| Teqavit Wips710 Firmware | ||
| All of | ||
| SHARP PN-L703WA firmware | =1.4.2.3 | |
| SHARP PN-L703WA firmware | ||
| All of | ||
| Optoma WPS-Pro firmware | =1.0.0.5 | |
| Optoma WPS-Pro firmware | ||
| All of | ||
| Blackbox HD Wireless Presentation System Firmware | =1.0.0.5 | |
| Blackbox HD Wireless Presentation System Firmware | ||
| All of | ||
| InFocus LiteShow3 | =1.0.16 | |
| InFocus LiteShow | ||
| All of | ||
| InFocus LiteShow 4 Firmware | =2.0.0.7 | |
| InFocus LiteShow |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html
- http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html
- https://www.exploit-db.com/exploits/46786/
- https://www.tenable.com/security/research/tra-2019-20
- https://nvd.nist.gov/vuln/detail/CVE-2019-3929
Frequently Asked Questions
What is CVE-2019-3929?
CVE-2019-3929 is a command injection vulnerability affecting multiple products including Crestron AM-100, Crestron AM-101, Barco wePresent WiPG-1000P, Barco wePresent WiPG-1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, and Optoma WPS-Pro.
How severe is CVE-2019-3929?
CVE-2019-3929 has a severity rating of 9.8 (Critical).
Which products are affected by CVE-2019-3929?
The products affected by CVE-2019-3929 are Crestron AM-100, Crestron AM-101, Barco wePresent WiPG-1000P, Barco wePresent WiPG-1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, and Optoma WPS-Pro.
How can I fix the CVE-2019-3929 vulnerability?
To fix the CVE-2019-3929 vulnerability, users should apply the latest firmware updates provided by the respective vendors.
Where can I find more information about CVE-2019-3929?
You can find more information about CVE-2019-3929 at the following references: [1] [2] [3].
- agent/type
- agent/description
- agent/severity
- agent/title
- agent/weakness
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- vendor/crestron
- canonical/crestron multiple products
- canonical/crestron airmedia
- version/crestron airmedia/1.6.0.2
- canonical/crestron am-100 firmware
- canonical/crestron am-101
- version/crestron am-101/2.7.0.2
- vendor/barco
- canonical/barco wepresent wipg-1000p
- version/barco wepresent wipg-1000p/2.3.0.10
- canonical/barco wepresent wipg-1000p firmware
- canonical/barco wepresent wipg-1600w firmware
- vendor/extron
- canonical/extron sharelink 200 firmware
- version/extron sharelink 200 firmware/2.0.3.4
- canonical/extron sharelink 250 firmware
- version/extron sharelink 250 firmware/2.0.3.4
- vendor/teqavit
- canonical/teqavit wips710 firmware
- version/teqavit wips710 firmware/1.1.0.7
- vendor/sharp
- canonical/sharp pn-l703wa firmware
- version/sharp pn-l703wa firmware/1.4.2.3
- vendor/optoma
- canonical/optoma wps-pro firmware
- version/optoma wps-pro firmware/1.0.0.5
- vendor/blackbox
- canonical/blackbox hd wireless presentation system firmware
- version/blackbox hd wireless presentation system firmware/1.0.0.5
- vendor/infocus
- canonical/infocus liteshow3
- version/infocus liteshow3/1.0.16
- canonical/infocus liteshow
- canonical/infocus liteshow 4 firmware
- version/infocus liteshow 4 firmware/2.0.0.7